Method for Supporting Single Sign On 

[001] The present invention relates to a method for changing password data, and more 
particularly, to a method for securely supporting password change for a central database of 
passwords independent of some processes with which the password is associated. 

Background of the invention 

[002] Security is fast becoming an important issue. It is well known that with the 
proliferation of computers and computer networks into all aspects of business and daily life - 
financial, medical, education, government, and communications - the concern over secure file 
access is growing. Using passwords is a common method of providing security. Password 
protection and/or combination type locks are employed for computer network security, automatic 
teller machines, telephone banking, calling cards, telephone answering services, houses, and 
safes. These systems generally require the knowledge of an entry code that has been selected by 
a user or has been preset. 

[003] In many large companies, the computer system is organized as a network to reduce the 
cost of purchasing and installing software on all the stations existing in the company. A main 
advantage of using a network is to facilitate data accessibility to each employee. However, it is 
necessary to limit access to a company's network to the company's employees. As such, prior to 
accessing the company's network, a password window prompts the company's employees to enter a 
login identity and an associated password. Usually, a user specifies passwords. Most users, being 
unsophisticated users of security systems, classically choose as the login identity their first name, 
and their dog's name as a password for example. Each time a user is prompted to enter his 
password, the password is always identical to the one previously entered by the user unless the user 
has modified his password during a previous session. As such, many password systems are easily 
accessed through a simple trial and error process. 
[004] Optionally, to make the system more difficult to break, the network system is organized 
in such a way that regularly all the employees are prompted to change their password, or are 
required to run a specific routine to change their password. Often, the system allows the users to 
combine a non-determined number of letters, either small or capital, and digits in their passwords. 
During the time period lasting between two successive modifications of a password, the password 
remains unchanged. A competent person may rapidly find out the password of a user and access a 
company's network. 

[005] Optionally, a password is stored in a password database and user authorisation 
information such as biometric information, a digital key, a smart card, or a global password is 
required to retrieve the password. When the password is retrieved, it is provided to the password 
window. It is known to those skilled in the art that a biometric identification system accepts unique 
biometric information from a user and identifies the user by matching the information against 
information belonging to registered users of the system. Fingerprint sensing and matching is a 
reliable technique for personal identification and/or verification. 

[006] The combination of a password and biometric information such as a fingerprint for 
example is beneficial because it increases the security and limits accessibility to a system. 
However, an association between a biometric information sample and a password also raises a 
problem when the password is changed. If an individual changes his password manually using, 
for example, a change password command of a password protected system, the next time he wants 
to access the system and provides his fingerprint, his old password is retrieved and provided to 
the password prompt. The old password is not current and therefore a message indicating that 
the password is incorrect is provided for the user. Thus, the user has to manually type in the new 
password. Eventually, the user can run a password change routine wherein the old password is 
provided along with the fingerprint, the new password typed in and the biometric sample 
assigned from then on to the new password. 
Object of the Invention 

[007] To overcome such an inconvenience, it is an object of this invention to provide a 
method for automatically assigning a new password. 

[008] It is another object of the present invention to provide a method of detecting a 
password change operation in a system and prompting for a new password. 

[009] It is another object of the present invention to provide a method of detecting a 
password change command and authorizing a password change operation. 

Summary of the invention 

[0010] In accordance with a preferred embodiment of the present invention, there is provided 
a method of securely supporting password change comprising the steps of: detecting an 
occurrence of a change of password operation in execution on a system and for receiving a new 
password by the system; detecting the new password when provided; storing data indicative of 
the new password in a database other than the password database of the system for later retrieval, 
the data indicative of the new password for provision to the system. 

[0011] In accordance with another preferred embodiment of the present invention, there is 
provided a method of securely supporting password change comprising the steps of: detecting a 
change password operation in execution on a system; displaying to a user a prompt for a new 
password, the prompt independent of the password change operation; receiving the new 
password; performing an operation to change the password to the new password in the system; 
and, storing the new password in a database independent of the change password operation and 
of the database where the changed password is stored by the change password operation. 

[0012] In accordance with another preferred embodiment of the present invention, there is 
provided a method of securely supporting password change comprising the steps of: detecting a 
password change operation in execution on a system; displaying to a user a prompt for 
authentication information, the prompt independent of the password change operation; receiving 
the authentication information; when the authentication information is indicative of a user, 
providing a password associated with the user to the system; performing an operation to change 
the password to a new password in the system; and, storing the new password in a database 
independent of the change password operation and of the database where the changed password 
is stored. 

Brief description of the drawings 

[0013] Exemplary embodiments of the invention will now be described in conjunction with 
the following drawings, in which: 

[0014] Fig. 1 is a flow diagram of a prior art method of associating a password to a 
fingerprint upon a match of a fingerprint with an associated template; 

[0015] Fig. 2 is an example of a prior art password window dialog display; 

[0016] Fig. 2a is an example of a filled password window dialog box on a computer screen 
display; 

[0017] Fig. 3 is a flow diagram of a prior art method of changing password; 

[0018] Fig. 4 is a flow diagram of a prior art method of retrieving the password for provision 
to the system; 

[0019] Fig. 5 is a flow diagram of a method of securely supporting password change in 
accordance with a preferred embodiment of the present invention; 

[0020] Fig. 6 is a flow diagram of a method of securely supporting password change in 
accordance with another preferred embodiment of the present invention; 

[0021] Fig. 7 is a flow diagram of a method of securely supporting password change in 
accordance with another preferred embodiment of the present invention; and, 

[0022] Fig. 8 is a flow diagram of a method of securely supporting password change in 
accordance with another preferred embodiment of the present invention wherein a choice is 
given to the user. 
Detailed description of the invention 

[0023] In the prior art, many security systems involving imaging fingerprints to allow access 
for example to a building, to a specific area within a building, to a computer, are described. The 
security systems wherein biometric information is used for identifying and authorizing access to 
an individual mostly rely on a prior art method as shown in Fig. 1. After a biometric information 
sample, in a form of a fingerprint for example, has been provided to a system, in order to 
generate a fingerprint, a fingertip is imaged to generate an image thereof, which is called a 
fingerprint or a fingerprint image. The fingerprint is then characterized. During the process of 
identification, the characterized fingerprint is compared to stored templates associated with 
fingerprints of the person - for a one-to-one identification system - or of any person registered 
for accessing the system - in a one-to-many identification system. Upon a positive result of the 
comparison, when there is a match between the provided fingerprint and a stored template 
associated with a fingerprint, the system provides a password associated with the stored template 
to, for example, a legacy password based system and the user is identified and authorized. 

[0024] Referring to Fig. 2, an example of a screen display prompting an employee to enter a 
login identity and an associated password to allow the employee to access the network is shown. 
An example of the display of Figure 1 filled in is shown in Fig. 2a. Classically, the login identity 
is the user's name, illustrated here, as "Smith". For security purposes, each character of the 
password is replaced with a star on the display so that nobody can read it. Each time a user is 
prompted to enter his password, the password is always identical to the one previously entered 
by the user unless the user has changed his password during a previous session. 

[0025] Optionally, to make the system more difficult to break, the network system is 
organized in such a way that, regularly, all the employees are prompted to enter a new password 
in order to change the passwords at regular intervals. Often, the system allows the users to 
combine a non-predetermined number of letters, either small or capital, and digits in their 
passwords. Referring to Fig. 3, a prior art method of changing passwords is shown. In order to 
access a system, the password change window prompts a user to provide an identity and the old 
password associated with the provided identity. Once authorized, the user is able to provide the 
system with a new password. Typically, the user is prompted to type in a new password two 
times. The new password is stored in a password database of an application or operating system 
related to the password change operation on the system and now replaces the old password. 

[0026] Referring now to Fig. 4, a flow diagram of a method of retrieving the password for 
provision to the system is shown. For accessing a system, a user provides authorization data, in 
the form of biometric information sample or information stored on a smart card. The 
authorization data is verified and is used to retrieve data indicative of the user password. Upon 
provision of the authorization data, the password is retrieved from a database other than the 
password database of the system or application and provided to the system or application so that 
the user can gain access thereto. 

[0027] The authorization data permits identifying a user based on, for example, biometric 
information provided therefrom. This provides an indication that the correct person was actually 
present when the request for changing a password was provided. A major advantage of using 
biometric information for retrieving a password is that the password does not have to be 
memorized. Typically, the user provides biometric information from a biometric source. The 
biometric information is characterized, processed and compared against templates stored in the 
system. Upon a match of the features extracted from the templates and the characterized 
biometric information corresponding to the biometric source provided by the user, an 
authorization signal is either provided or denied. 

[0028] Referring now to Fig. 5, a method for securely supporting password change in 
accordance with a preferred embodiment is shown. To facilitate the comprehension of the 
figure, lines are plain for showing a classic password change routine flow, whereas dashed lines 
show changes in process flow for securely supporting password change. Each individual also 
has access from his workstation to a password change command. It is understandable that when a 
user has any doubt concerning the confidentiality of his password, he can change it 
independently of a network administrator. The user accesses the system and provides a command 
for a password change operation to be performed on the system. Usually, the user is prompted to 
type in a new password twice as disclosed with reference to Fig. 3, and then the new password is 
stored in a password database on the system. Inconveniently, the password is changed 
independently of the authorization data or log in information when the system supports user 
authorization and password retrieval as disclosed with reference to Fig. 4. Therefore, the next 
time the user tries to access the system, his retrieved password information will not match the new 
password - it has not been updated - and access will be denied. 

[0029] According to the present invention, when a change password operation in execution 
on the system occurs, it is detected. That said, any password change command options in the 
form for example of the word "password" or the abbreviation "pwd" typed in are recognized. Of 
course, though it is preferred that all possible password change operations are detected, the 
present invention is advantageous if even a single change password operation is detected. The 
new password is changed and data indicative of the new password is stored in the password 
database on the system. Approximately simultaneously, the new password is detected by another 
process that uses the detected data to change the password in another database. For example, the 
data indicative of the new password is automatically associated with the authorization data 
within a system such as that of Fig. 4. Therefore, for future accesses to the system, the user just 
provides his authorization data in a form of a fingerprint for example, the system retrieves the 
data indicative of the new password associated with the authorization data and the user is 
authorized to access the system. 

[0030] Alternatively, the storage of the new password in a password database on the system 
is detected and data indicative of the new password is also detected for storing in a database 
other than the password database on the system. 

[0031] Interestingly, the user is not aware of the detection procedure and of the automatic 
assignment of the authorization data to the data indicative of the new password. Therefore, the 
user types in a new password twice for storing the new password in a password database on the 
system, data indicative of the new password is saved in a database other than the password 
database on the system and the password is changed on the system, and the user does not have to 
retype this new password for further access. However, because of the transparency of such a 
system, the user does not know whether his new password has effectively been changed or not. 
[0032] Referring now to Fig. 6, a flow diagram of a method of securely supporting password 
change in accordance with another preferred embodiment of the present invention is shown. 
Here, a password change operation is detected and a secure password change process prompts 
the user for a new password to allow the change password operation to proceed. The new 
password provided to the process to allow changing of the password is stored in an 
independent database. The data indicative of the new password is automatically associated with 
the authorization data in replacement of the data indicative of the old password. From the 
independent database, the new password is provided to a password database on the system to 
change the password there. The prompt for a new password by the secure password change 
process instead of by the process associated with the system or application notifies the user that 
the password change operation has been detected and that the new password is accurately stored. 

[0033] Advantageously, the above process is implemented with no apparent change to the 
users of the system. In other words, a user is completely unaffected by the method of Fig. 6, 
since it is transparent to the user and does not affect any existing change password processes. 

[0034] Referring now to Fig. 7, a flow diagram of a method of securely supporting password 
change in accordance with another preferred embodiment of the present invention is shown. 
Here, a password change operation is detected and a secure user authorization process prompts 
the user for authorization data. Once authorized, the system allows the change password 
operation to proceed. The new password provided to allow changing of the password is stored 
in an independent database. The data indicative of the new password is automatically associated 
with the user identity in replacement of the data indicative of the old password. From the 
independent database, the new password is provided to a password database on the system to 
change the password there. The prompt for user authorization data by the secure authorization 
process instead of by the process associated with the system or application notifies the user that 
the password change operation has been detected and that the new password is accurately stored. 

[0035] The above process is highly advantageous. It provides a single password change 
process and as such a single ergonomic interface for changing passwords. Therefore, design and 
implementation of the secure change password process replaces all legacy change password 
processes, allowing for better information for the users and a more modern and ergonomic 
process. 

[0036] Further advantageously, the above process allows for changing of passwords of 
several systems/files/applications simultaneously. Thus, a single change password operation is 
used where before several or several hundred processes would have been required. This is most 
applicable when changing a password used to protect a single file such as a Microsoft ® Word® 
file or the like. 

[0037] Of course, it is evident to those of skill in the art that a password entered in 
accordance with the above described process is optionally long and complex since there is no 
need to remember the password. Because of the automatic password retrieval, a user never needs 
to know their password so an arbitrary string of characters such as 
"efkjhgbshgdxfbkj#$$JHYT$kjsfd*(&REW^kvhgfd)(^^^&^%C^Tvchbjhf86%(%(ffgf 
nm.b.nm.,mn.vb2609" is usable as a password allowing for greatly increased security. 

[0038] Another advantage to the present method is that it allows tracking of old passwords to 
provide for access to older system restorations or old files that were saved using earlier 
passwords. 

[0039] Of course, the process also supports different passwords for different systems, files 
and applications without substantial user inconvenience. This is achieved by storing each 
password in association with data indicative of the user identity or authorization and the system, 
file, or application with which the password is to be used. Of course, more complex associations 
are also possible when desired. 

[0040] Referring now to Fig. 8, a flow diagram of a method of securely supporting password 
change for use with the method of Figure 7 wherein a choice is given to the user is shown. 
During the password change operation and after user authorization, the user is given the 
opportunity to either enter a password or to have the process automatically generate a new 
password. Therefore, in the case of a computer-generated password, the user does not have to 
invent and remember the new password because it is automatically assigned to his authorization 
data and automatically retrieved for access to the system. Consequently, choosing a computer- 
generated password means that the new password is never typed in, which decreases the 
possibility of a Trojan Horse application detecting it. 

[0041] Advantageously, when a password is automatically generated, it is unknown to the 
user. This makes the password impossible to ascertain except by breaching security of the 
password database. For example, when automatic password generation is used, an encryption key may 
form each password allowing for security relating to access and for encryption of file data to 
prevent mining of file data. 
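The flows of Fig. 4, Fig. 7 and Fig. 8 described in paragraphs [0026] and [0029] to [0041], as an added illustration that is not part of the patent and is not code from any product it describes. The legacy password database, the biometric match result (passed in as a boolean from an assumed external matcher) and the user and system names are all constructed for the example; the independent credential store keeps one password per (user, system) pair and retains superseded passwords as [0038] and [0039] describe.

```python
import hashlib
import hmac
import os
import secrets
import string
from dataclasses import dataclass, field

# Constructed stand-in for the legacy system's own password database (Fig. 3):
# login id -> (salt, PBKDF2 digest). It never holds the password in clear.
legacy_pw_db: dict = {}

def legacy_change_password(login: str, new_password: str) -> None:
    """The legacy change-password operation: replace the stored hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 100_000)
    legacy_pw_db[login] = (salt, digest)

def legacy_verify(login: str, password: str) -> bool:
    """The legacy login check behind the password window of Fig. 2."""
    salt, digest = legacy_pw_db[login]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)

@dataclass
class CredentialStore:
    """Database independent of the legacy password database ([0029], [0039]).
    Keyed by (user_id, target) so one user holds a distinct password per system.
    Entries must be retrievable in clear, so a real store is encrypted at rest."""
    current: dict = field(default_factory=dict)   # (user_id, target) -> password
    history: dict = field(default_factory=dict)   # (user_id, target) -> [old passwords]

    def record(self, user_id: str, target: str, new_password: str) -> None:
        key = (user_id, target)
        if key in self.current:                   # [0038]: keep old passwords for old files
            self.history.setdefault(key, []).append(self.current[key])
        self.current[key] = new_password

    def retrieve(self, user_id: str, target: str):
        return self.current.get((user_id, target))

def generate_password(length: int = 32) -> str:
    """Fig. 8 option: a random password the user never sees or types ([0040])."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def secure_change_password(store, user_id, authorized, login, target, new_password=None):
    """Fig. 7 flow. `authorized` is the biometric/smart-card match result (assumed
    external). The change is gated on it, the new password is taken or generated,
    written to the independent store first, then applied to the legacy system."""
    if not authorized:
        raise PermissionError("authorization data did not match a registered user")
    if new_password is None:
        new_password = generate_password()
    store.record(user_id, target, new_password)
    legacy_change_password(login, new_password)
    return new_password

def login_with_authorization(store, user_id, authorized, login, target) -> bool:
    """Fig. 4 flow: on a match, present the stored password to the legacy system."""
    if not authorized:
        return False
    password = store.retrieve(user_id, target)
    return password is not None and legacy_verify(login, password)
```

Because the store is updated in the same step as the legacy database, the stale-password failure of Fig. 5's prior-art flow cannot occur, and a denied authorization leaves both databases untouched.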

[0042] Numerous other embodiments may be envisaged without departing from the spirit 
and scope of the invention. 